Methods and systems for protecting data in USB systems
    71.
    Granted invention patent
    Methods and systems for protecting data in USB systems (Status: In force)

    Publication (announcement) No.: US07478235B2

    Publication (announcement) date: 2009-01-13

    Application No.: US10187259

    Filing date: 2002-06-28

    IPC classification: H04L9/00 H04L9/32 G06F11/30

    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

    Saving and retrieving data based on symmetric key encryption
    72.
    Granted invention patent
    Saving and retrieving data based on symmetric key encryption (Status: In force)

    Publication (announcement) No.: US07424612B2

    Publication (announcement) date: 2008-09-09

    Application No.: US11557620

    Filing date: 2006-11-08

    IPC classification: G06F12/14 H04L9/00

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

    Releasing decrypted digital content to an authenticated path
    73.
    Granted invention patent
    Releasing decrypted digital content to an authenticated path (Status: In force)

    Publication (announcement) No.: US07353209B1

    Publication (announcement) date: 2008-04-01

    Application No.: US09525510

    Filing date: 2000-03-15

    IPC classification: G06Q99/00 H04K1/00 H04L9/00

    CPC classification: G06F21/10 G06F2221/2107

    Abstract: Digital content is released to a rendering application for forwarding by such rendering application to an ultimate destination by way of a path therebetween. The path is defined by at least one module, and the digital content is initially in an encrypted form. An authentication of at least a portion of the path is performed to determine whether each defining module thereof is to be trusted to appropriately handle the digital content passing therethrough. The encrypted digital content is decrypted if in fact each such defining module is to be trusted, and the decrypted digital content is forwarded to the rendering application for further forwarding to the ultimate destination by way of the authenticated path.

    Manifest-Based Trusted Agent Management in a Trusted Operating System Environment
    74.
    Invention patent application
    Manifest-Based Trusted Agent Management in a Trusted Operating System Environment (Status: Under examination, published)

    Publication (announcement) No.: US20070174921A1

    Publication (announcement) date: 2007-07-26

    Application No.: US11558125

    Filing date: 2006-11-09

    IPC classification: H04L9/32

    CPC classification: G06F21/54 G06F21/53 G06F21/57

    Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
    75.
    Granted invention patent
    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client (Status: Lapsed)

    Publication (announcement) No.: US07239708B2

    Publication (announcement) date: 2007-07-03

    Application No.: US09892367

    Filing date: 2001-06-27

    IPC classification: H04K1/00

    Abstract: Encrypted compressed content is produced by encrypting content based at least in part on a content key, and compressing the content based at least in part on the content key. Thus, the content key is employed to encrypt the content and also to compress the content. Similarly, decrypted decompressed content is produced from the encrypted compressed content by decrypting the content based at least in part on a content key, and decompressing the content based at least in part on the content key. Thus, the content key is employed to decrypt the content and also to decompress the content.

    Saving and Retrieving Data Based on Symmetric Key Encryption

    Publication (announcement) No.: US20070067624A1

    Publication (announcement) date: 2007-03-22

    Application No.: US11557641

    Filing date: 2006-11-08

    IPC classification: H04L9/00

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

    Operating system upgrades in a trusted operating system environment
    77.
    Granted invention patent
    Operating system upgrades in a trusted operating system environment (Status: In force)

    Publication (announcement) No.: US07159240B2

    Publication (announcement) date: 2007-01-02

    Application No.: US09993373

    Filing date: 2001-11-16

    IPC classification: G06F7/04 G06F12/00

    Abstract: Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. In accordance with one implementation, the new trusted core is allowed to access only selected application data previously securely stored by the current trusted core.
